Below is a simple firewall script that you can use on your firewall
server. You can copy-paste it and do just a few minor changes at the
very beginning for things like external interface, public address of
OpenVPN, etc.

In order to get these iptables(8) rules applied after a reboot of
the OpenVPN server you could place a file in
/etc/network/if-pre-up.d directory, which will get executed during
network initialization.

Below is an example script that I’ve used on one of my OpenVPN servers
to make sure the iptables(8) rules are applied after a reboot.

This script has been placed in
/etc/network/if-pre-up.d/iptables-openvpn-rules and it’s content are
listed below: